公开(公告)号：US06327658B1

公开(公告)日：2001-12-04

申请号：US09185644

申请日：1998-11-04

申请人： Seiichi Susaki ,  Katsuyuki Umezawa ,  Tadashi Kaji ,  Satoru Tezuka ,  Ryoichi Sasaki ,  Kuniaki Tabata ,  Takashi Akaosugi ,  Akira Kito

发明人： Seiichi Susaki ,  Katsuyuki Umezawa ,  Tadashi Kaji ,  Satoru Tezuka ,  Ryoichi Sasaki ,  Kuniaki Tabata ,  Takashi Akaosugi ,  Akira Kito

IPC分类号： H04L932

CPC分类号： H04L63/104 ,  G06F21/51 ,  H04L29/06 ,  H04L67/42

摘要： A distributed object system comprising at least one object distributing server, at least one client terminal and at least one server object execution server according to the present invention, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for down-loading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal beforehand permits execution of the client object program which is electronically signed by a signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the signature received, and means for supplying services to the user of the client terminal when the completeness of the object program is confirmed and the user and the object program permit use of the services in advance, which makes it possible to prevent a client object which is down-loaded to a client terminal through a network and executed therein from carrying out unjustified processing (not intended by a user using the client terminal) by using authority of the user.

摘要翻译： 一种包括至少一个对象分发服务器，至少一个客户端终端和至少一个服务器对象执行服务器的分布式对象系统，包括：对象分发服务器，用于存储附加有电子签名的对象程序; 包括用于从对象分发服务器下载对象程序的装置的客户终端，用于验证附加到对象程序的电子签名的装置，当确认对象程序的完整性时执行客户对象程序的装置， 客户端预先允许执行由签名人电子签名的客户对象程序，以及用于将附加到对象程序的电子签名发送到服务器对象执行服务器的装置; 以及服务器对象执行服务器，包括用于验证所接收的签名的装置，以及当确认对象程序的完整性并且用户和对象程序预先使用服务时向客户端的用户提供服务的装置， 这使得可以通过使用用户的权限来防止通过网络向客户端终端下载的客户端对象并在其中执行，以执行不合理的处理（不是由用户使用客户终端的用户）。

公开(公告)号：US06189032B1

公开(公告)日：2001-02-13

申请号：US09015220

申请日：1998-01-29

申请人： Seiichi Susaki ,  Hisashi Umeki ,  Katsuyuki Umezawa ,  Seiji Miyazaki ,  Kazuo Matsunaga ,  Makoto Kitagawa

发明人： Seiichi Susaki ,  Hisashi Umeki ,  Katsuyuki Umezawa ,  Seiji Miyazaki ,  Kazuo Matsunaga ,  Makoto Kitagawa

IPC分类号： G06F15173

CPC分类号： G06F21/40 ,  G06F21/31

摘要： A client-server system is provided in which access to a service by a user can properly be controlled, even if an approval by another user is required for receiving the service. First, the server 2 executes a log-in processing by using a user identifier and password transmitted from the client terminal 2, and a user control file 202. Next, the server 2 executes a service control by using a service supply request transmitted from the client terminal 1 and a service control file 42 provided with the server. When the server determines that an approval by another user is required for providing the service, the server executes the approval request to the client terminal 1 that the concerned user uses. When the reply to the approval request is affirmative, the server executes the processing in accordance with the foregoing service supply request. When the reply is negative, the server informs to the user who made the foregoing service supply request that the approval is rejected.

摘要翻译： 提供了一种客户机 - 服务器系统，其中即使需要其他用户的批准来接收服务，用户可以正确地控制对服务的访问。 首先，服务器2通过使用从客户终端2发送的用户标识符和密码以及用户控制文件202来执行登录处理。接下来，服务器2通过使用从服务器2发送的服务提供请求来执行服务控制 客户终端1和提供有服务器的服务控制文件42。 当服务器确定需要其他用户的批准来提供服务时，服务器向相关用户使用的客户终端1执行批准请求。 当对批准请求的答复是肯定的时，服务器根据上述服务提供请求执行处理。 当答复为否定的时候，服务器向用户通知上述服务提供请求是否拒绝批准。

公开(公告)号：US07386722B2

公开(公告)日：2008-06-10

申请号：US10766869

申请日：2004-01-30

申请人： Katsuyuki Umezawa ,  Hiroki Uchiyama ,  Seiichi Susaki ,  Toshiomi Kodama

发明人： Katsuyuki Umezawa ,  Hiroki Uchiyama ,  Seiichi Susaki ,  Toshiomi Kodama

IPC分类号： H04L9/00

CPC分类号： H04L63/0442 ,  H04L9/3234 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/0823 ,  H04L63/0853

摘要： A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≧2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.

摘要翻译： 提供了一种证书管理方法，其中多个服务提供者具有不同的可靠的证书颁发机构，并且当从证书颁发机构颁发的证书被实现到智能卡中时，仅通过撤销从第一服务提供商所依赖的证书颁发机构颁发的证书 ，所有其他实施的证书可以被撤销，证书可以被单独撤销。 提供了一种实现该方法的系统。 证书机构n（n> = 2）通过使用通过使用从先前安装在智能卡中的证书颁发机构1发出的证书1生成的证书n'的私钥n'发出证书n， 私钥1。 因此，颁发的证书具有分层链式关系。 当用户要撤销所有证书时，从证书颁发机构1发出的证书1被撤销。

公开(公告)号：US20070057044A1

公开(公告)日：2007-03-15

申请号：US11520645

申请日：2006-09-14

申请人： Hiroki Uchiyama ,  Katsuyuki Umezawa ,  Seiichi Susaki ,  Kenzi Matsumoto

发明人： Hiroki Uchiyama ,  Katsuyuki Umezawa ,  Seiichi Susaki ,  Kenzi Matsumoto

IPC分类号： G06K5/00

CPC分类号： G06F21/57 ,  G06F21/572 ,  G06F21/77 ,  G06F2221/2141 ,  G06Q20/3552 ,  G07F7/1008

摘要： A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.

摘要翻译： 一种基于智能卡的服务提供系统和方法，其中服务应用使用通用应用的资源，并且可以容易地将服务应用程序的添加应用于智能卡中，从而有效地利用智能卡的有价值的资源。 提供。 智能卡中安装了专门用于访问控制的管理应用程序，用于管理访问管理信息。 访问权限的管理或决定不由服务应用程序或通用应用程序执行，而是由管理应用程序执行。 当将新的应用程序添加到智能卡时，服务提供者设备预先从卡发行者设备接收更新访问管理信息的许可，并且基于该许可更新访问管理信息。

公开(公告)号：US07357313B2

公开(公告)日：2008-04-15

申请号：US11520645

申请日：2006-09-14

申请人： Hiroki Uchiyama ,  Katsuyuki Umezawa ,  Seiichi Susaki ,  Kenzi Matsumoto

发明人： Hiroki Uchiyama ,  Katsuyuki Umezawa ,  Seiichi Susaki ,  Kenzi Matsumoto

IPC分类号： G06K5/00

CPC分类号： G06F21/57 ,  G06F21/572 ,  G06F21/77 ,  G06F2221/2141 ,  G06Q20/3552 ,  G07F7/1008

摘要： A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.

摘要翻译： 一种基于智能卡的服务提供系统和方法，其中服务应用使用通用应用的资源，并且可以容易地将服务应用程序的添加应用于智能卡中，从而有效地利用智能卡的有价值的资源。 提供。 智能卡中安装了专门用于访问控制的管理应用程序，用于管理访问管理信息。 访问权限的管理或决定不由服务应用程序或通用应用程序执行，而是由管理应用程序执行。 当将新的应用程序添加到智能卡时，服务提供者设备预先从卡发行者设备接收更新访问管理信息的许可，并且基于许可更新访问管理信息。

公开(公告)号：US20080016335A1

公开(公告)日：2008-01-17

申请号：US11762412

申请日：2007-06-13

申请人： Aya Takahashi ,  Hisao Sakazaki ,  Seiichi Susaki ,  Kazuko Hamaguchi ,  Katsuyuki Umezawa ,  Ken Kobayashi ,  Kazuyoshi Hoshino

发明人： Aya Takahashi ,  Hisao Sakazaki ,  Seiichi Susaki ,  Kazuko Hamaguchi ,  Katsuyuki Umezawa ,  Ken Kobayashi ,  Kazuyoshi Hoshino

IPC分类号： H04L9/32

CPC分类号： H04L9/3263

摘要： Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.

摘要翻译： 在发布属性证书时，属性授权装置使得确定策略可用。 确定策略包括指定要由服务提供商设备检查的至少一个项目的信息，以确定要验证属性证书，以及用于确定的标准。 确定政策可以记录在属性证书中，或者发布给公众，或者通过发布给公众的决定政策证书提供。 用于获得确定政策证书的信息可以记录在属性证书内部或外部，并提供给服务提供商设备。 为了验证从用户终端发送的属性证书，服务提供者装置获得确定策略，并且确定在确定策略中指定的至少一个项目中的数据是否满足在确定策略中记录的准则。

公开(公告)号：US20050120205A1

公开(公告)日：2005-06-02

申请号：US10766869

申请日：2004-01-30

申请人： Katsuyuki Umezawa ,  Hiroki Uchiyama ,  Seiichi Susaki ,  Toshiomi Kodama

发明人： Katsuyuki Umezawa ,  Hiroki Uchiyama ,  Seiichi Susaki ,  Toshiomi Kodama

IPC分类号： G06K19/10 ,  G06F21/33 ,  G06F21/34 ,  G06Q10/00 ,  G06Q50/00 ,  G06Q50/10 ,  G06Q50/26 ,  G09C1/00 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04L9/00

CPC分类号： H04L63/0442 ,  H04L9/3234 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/0823 ,  H04L63/0853

摘要： A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≧2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.

摘要翻译： 提供了一种证书管理方法，其中多个服务提供者具有不同的可靠的证书颁发机构，并且当从证书颁发机构颁发的证书被实现到智能卡中时，仅通过撤销从第一服务提供商所依赖的证书颁发机构颁发的证书 ，所有其他实施的证书可以被撤销，证书可以被单独撤销。 提供了一种实现该方法的系统。 证书机构n（n> = 2）通过使用通过使用从先前安装在智能卡中的证书颁发机构1发出的证书1生成的证书n'的私钥n'发出证书n， 私钥1。 因此，颁发的证书具有分层链式关系。 当用户要撤销所有证书时，从证书颁发机构1发出的证书1被撤销。

公开(公告)号：US07770009B2

公开(公告)日：2010-08-03

申请号：US11999373

申请日：2007-12-04

申请人： Kunihiko Miyazaki ,  Ryoichi Sasaki ,  Kazuo Takaragi ,  Seiichi Susaki ,  Toshiyuki Moritsu ,  Mizuhiro Sakai ,  Mitsuru Iwamura ,  Tsutomu Matsumoto

发明人： Kunihiko Miyazaki ,  Ryoichi Sasaki ,  Kazuo Takaragi ,  Seiichi Susaki ,  Toshiyuki Moritsu ,  Mizuhiro Sakai ,  Mitsuru Iwamura ,  Tsutomu Matsumoto

IPC分类号： H04L9/32

CPC分类号： H04L9/3297 ,  H04L9/321 ,  H04L9/3247 ,  H04L2209/56

摘要： According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.

摘要翻译： 根据本发明，用于认证数字签名的文档是真实的技术。 根据本发明的具体实施例可以确定数字签名是否由数字签名生成器生成，或者数字签名是否由构成数字签名生成器的第三方生成。 具体实施例可以基于先前签名的消息，时间/日期戳等来提供数字签名者身份的独立验证。 根据本发明的技术可以体现在方法，装置，计算机软件和系统中。

公开(公告)号：US07526645B2

公开(公告)日：2009-04-28

申请号：US10787262

申请日：2004-02-27

申请人： Kunihiko Miyazaki ,  Mitsuru Iwamura ,  Tsutomu Matsumoto ,  Ryoichi Sasaki ,  Hiroshi Yoshiura ,  Hirokazu Aoshima ,  Hideo Noyama ,  Seiichi Susaki ,  Takeshi Matsuki

发明人： Kunihiko Miyazaki ,  Mitsuru Iwamura ,  Tsutomu Matsumoto ,  Ryoichi Sasaki ,  Hiroshi Yoshiura ,  Hirokazu Aoshima ,  Hideo Noyama ,  Seiichi Susaki ,  Takeshi Matsuki

IPC分类号： H04L9/00

CPC分类号： G06F21/64

摘要： An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together.

摘要翻译： 一种电子文件真实性保证技术和信息披露制度，可以兼容地实现披露文件的真实性的保证和删除不适合披露的信息。 电子文档被分成组成元件，并且电子签名被附加到包括所有组成元素的集合的任意子集中。 否则，电子签名附加到通过将每个组成元件绑定到指定组成元件中的相应一个和电子文档的结构之间的关系的信息而获得的数据。 否则，计算各组成要素的哈希值，并将电子签名附加到通过将所计算的散列值结合在一起而获得的数据。 否则，为各构成要素生成的随机数被绑定在一起，然后计算各随机编号的构成要素的哈希值，然后将电子签名附加到通过将计算出的哈希值结合在一起而获得的数据。

公开(公告)号：US07200682B2

公开(公告)日：2007-04-03

申请号：US10223677

申请日：2002-08-20

申请人： Kunihiko Miyazaki ,  Seiichi Susaki ,  Kazuo Takaragi ,  Hiroshi Yoshiura ,  Takeshi Matsuki ,  Hisashi Toyoshima ,  Mitsuru Iwamura ,  Tsutomu Matsumoto ,  Ryoichi Sasaki

发明人： Kunihiko Miyazaki ,  Seiichi Susaki ,  Kazuo Takaragi ,  Hiroshi Yoshiura ,  Takeshi Matsuki ,  Hisashi Toyoshima ,  Mitsuru Iwamura ,  Tsutomu Matsumoto ,  Ryoichi Sasaki

IPC分类号： G06F15/16

CPC分类号： G06Q30/06 ,  H04L9/3297

摘要： A time stamp generating system has a time distribution server for generating time data depending on time and a user PC for holding time certification objective digital data. The time distribution server generates time data corresponding to a time point and distributes the time data. The user PC calculates time stamp generating data by using the time certification objective data as an input, acquires the time data generated by the time distribution server, and processes the time data on the basis of the time stamp generating data to obtain a time stamp.

摘要翻译： 时间戳生成系统具有用于根据时间产生时间数据的时间分配服务器和用于保持时间认证目标数字数据的用户PC。 时间分配服务器生成对应于时间点的时间数据并分发时间数据。 用户PC通过使用时间认证对象数据作为输入来计算产生数据的时间戳，获取由时间分配服务器生成的时间数据，并根据时间戳生成数据来处理时间数据以获得时间戳。